Extracted

• • Target

    a670e25daabef49a9a4e6d1a499971f5cbdae0a65f2d5910733f1f2dcd66a186.dll

  • Size

    3.7MB

  • MD5

    19f330d44484a05377331cf2eb04bd6d

  • SHA1

    4d8a61a1371d765570f92c705791026c710b7648

  • SHA256

    a670e25daabef49a9a4e6d1a499971f5cbdae0a65f2d5910733f1f2dcd66a186

  • SHA512

    36b44e700250165b28ff4c03a14976ff782becbf9c1c1bd773a036bd5625a04605aa211fd002a098a578d2abd3950229b4edb4e7650ca8d9103083242bea3931

  • SSDEEP

    98304:ziXAEqfpQA7KhbchheGvUapVXNe1gNuqh+CaO:eQxRQA7K9QPfZNe1rqh+

  Score

  10^/10

  rhadamanthysdiscoverypersistencestealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Adds Run key to start application

    persistence
  behavioral1behavioral2